El Jefe: free program for process-centric intrusion detection

Discussion in 'other anti-malware software' started by MrBrian, Feb 27, 2011.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From http://holisticinfosec.blogspot.com/2011/02/el-jefe-boss-will-see-you-know.html:
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ MrBrian

    Thanks :thumb: Looks interesting. From what I can gather though, it "appears" to be used in conjunction with a VM, is this correct?
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :).

    Yes, apparently it requires VMware Player or VMware Workstation to run the server on.

    Here are details on the Intrusion section (from the manual):
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ MrBrian

    Thanks for the confirmation, and extra info :) Could be very useful indeed to those that have a VM :thumb:

    It would be nice if you, and/or others, had time to test it and give us your results. I don't have a VM so I can't!
     
  5. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    Thanks a lot @MrBrian for bringing this up ... I guess it's like the REMnux and zerowine stuff but with a more friendly interface, especially the client thing.
    I am downloading it now to give it a try.

    PS: tested... as far as I can tell, it isn't worth downloading 1 Gb for simple analysis like this. I expected more details but nothing.
    I tested it with Sality virus, Stuxnet and Zeus samples.
    Besides, the client caused some problem with my operating system, which made me move to try it in a VM (I don't know if this move was wrong for testing it).
    Maybe I couldn't get all the features it still has :(

    If someone else tried it, please post your feedback.
     
    Last edited: Mar 1, 2011